<!DOCTYPE html>
<!--thymeleaf 提供了 Spring Security 的标签支持-->
<html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
    <meta content="text/html;charset=UTF-8"/>
    <!--获取当前用户的用户名-->
    <title sec:authentication="name"></title>
    <link rel="stylesheet" th:href="@{bootstrap-3.4.1/css/bootstrap.css}"/>
    <link rel="stylesheet" th:href="@{bootstrap-3.4.1/css/bootstrap-theme.css}"/>

    <style type="text/css">
        body {
            padding-top: 50px;
        }
        .starter-template {
            padding: 40px 15px;
            text-align: center;
        }
    </style>
</head>
<body>
    <nav class="navbar navbar-inverse navbar-fixed-top">
        <div class="container">
            <div class="navbar-header">
                <a class="navbar-brand" href="#">Spring Security 演示</a>
            </div>
            <div id="navbar" class="collapse navbar-collapse">
                <ul class="nav navbar-nav">
                    <li><a th:href="@{/}">首页</a></li>
                </ul>
            </div>
        </div>
    </nav>

    <div class="container">
        <div class="starter-template">
            <h1 th:text="${msg.title}"></h1>
            <p class="bg-primary" th:text="${msg.content}"></p>
            <!--当前用户拥有 ROLE_ADMIN 角色时才显示标签-->
            <div sec:authorize="hasRole('ROLE_ADMIN')">
                <p class="bg-info" th:text="${msg.etraInfo}"></p>
            </div>
            <!--当前用户拥有 ROLE_USER 角色时才显示标签-->
            <div sec:authorize="hasRole('ROLE_USER')">
                <p class="bg-info">无更多信息显示</p>
            </div>
            <!--注销的默认路径为 /logout-->
            <form th:action="@{/logout}" method="post">
                <input type="submit" class="btn btn-primary" value="注销"/>
            </form>
        </div>
    </div>
</body>
</html>